1.22	10/Apr/2004

*	Bug in uudecoding component fixed. Now will recognise a message
	as having uuencoded bits even if uudecode not installed. 
	Note: if you expect Q-S to unpack certain things (instead of 
	just detect them), make sure you have such unpackers 
	installed... (e.g. unzip, uudecode).

*	New logging feature: "--log-crypto". More for the Corporate 
	environments. Simply notes in the log record if the message contained
	any form of digital signing or encryption (S/MIME, PGP and password
	protected ZIP files for now). Disabled by default as your site may
	have privacy issues in turning this on...

*	reverted calling /usr/bin/suidperl back to the "official" way of doing
	suid perl: /usr/bin/perl

*	Standardized date timestamps in logs. There was a mix of formats - not
	too nice to see...

*	Fixed buglet where Q-S was replacing X-Spam-Level when it shouldn't be

*	Removed RAV from list of supported AVs as Microsoft bought them out an
	they have ceased development.

*	archive support was broken (fat-finger problem) - fixed.

*	Bug in how Q-S policed boundaries has been relaxed, given some bizarre 
	but valid behaviour by Eudora.

*	Changed exit code check for sub-avp.

*	The locale is forced to "C" (English) at the beginning of Q-S. That 
	will standardize the output of localized apps (such as AVs) so that 
	the string regexes will work more reliably. Note that this has 
	nothing to do with the normal Q-S language support

*	If you have set $spamc_subject (which allows you to put a string at the
	beginning of the Subject line when SPAM is found), then Q-S now checks 
	to see if that string is already present so as not to double-add it.

*	Added Danish locale - thanks to Max Andersen


1.21	11/Mar/2004

*	"--fix-mime" now defaults to "2". This enables a bunch of extra MIME checks that have proven to
	be very useful. You can reset "--fix-mime 1" to regain older behaviour if you need to, but please
	let me know why it isn't working for you...

*	$hostname is now dynamically set instead of being hardwired. This should make pushing out
	Q-S onto multiple boxes a bit easier.

*	zipfiles are no longer deleted after unpacking to allow AV a better go at the original zip.
	These Bagle/password-protected zip files viruses mean deleting any information (such as a zip
	file you thought you didn't need any more) may be a bad thing...

*	Due to those grotty new password-protected viruses showing up, Q-S now has the option of 
	blocking password-protected zip files ("--block-password-protected").  It obviously has
	to use the systems "unzip" program - which has to support passwords. It can be used without
	having to fully turn on the "--unzip" option.

*	The CR/NULL char check has historically caused grief for some sites. Even though I feel that 
	people should fix the broken client that generates such messages, Q-S now allows you to configure
	it with a "--ignore-eol-checks" which will turn off those checks - but allows it to keep doing 
	the other invalid MIME checks. I hope now that no-one will need to use "--fix-mime 0"

* 	In an attempt to prevent people getting concerned that Qmail-Scanner is letting through 
	viruses - when it isn't, Q-S now treats any bounced e-mail that appears to contain MIME 
	headers in the body as potentially containing an attachment. As such it will now
	allow the virus scanners to scan them. Previously Q-S
	would only scan them if the bounced e-mail was an attachment to the bounce - which obviously 
	should be scanned. Some MTAs (such as raw Qmail) simply append the original message to bounces, which 
	slips through Q-S as a "plain/text" message that doesn't need scanning. However, some other SMTP 
 	virus scanners scan them anyway, and people were becoming concerned that Q-S was "broken" because it
	wasn't detecting them - even though no known MUA could actually get infected off such a bounced message. 
	Go figure! It's one of these cases of needing to "be seen to be doing the right thing" - even when there
	is really no need...

*	More work on getting that suidperl check working correctly

*	Big Change: Qmail-Scanner now defaults to only sending alerts to "psender,nmlvadm". i.e. only 
	alert sender and admin when the e-mail  isn't assosiated with a mailing-list, and the quarantining
	event is due to a policy block instead of an AV block. Note: if the string "virus" shows up in the first
	20 chars of the description of the policy block within quarantine-attachments.txt, then that too is treated
	as a virus and no notification will be sent either. The outcome of this new default is that quarantined 
	virus-infected e-mails won't send alerts to anyone, whereas e-mails quarantined due to other reasons
	(e.g. MIME fiddles or you chose the "--block-password-protected" zip file option) will cause alerts. 
	The rationale behind defaulting to not notifying senders of viruses is that the vast majority of viruses 
	now alter the envelope from header, so there is no point in notifying someone who didn't send the 
	virus - that they have a virus!

*	Pasi Krkkinen and Jyri Hovila sent in updates for fsecure

*	Updated sub-avp.pl for Kaspersky kavscanner 5.0.1.0. I ASSUME THIS WILL BREAK OLD INSTALLS OF 
	kavscanner! Please upgrade your scanner. Thanks to Erik Wasser for the update

*	Changed reference to vpopmail bug to specifically say this is to do with "pop-before-smtp"
	functionality - the only part where vpopmail strips out/doesn't set the QMAILQUEUE variable

*	Updated silent-viruses to skip notifying sender on my worm virus types

*	Optimizing some of the regex used. Thanks to Doug Monroe

*	Change references to quarantine maildir in alert e-mails to refer to the actual e-mail 
	file itself. Otherwise you're having to get a maildir-capable MUA up and running, and then
	searching through the 1,000's of viruses you probably have for the actual message you're
	after. Thanks to Salvatore Toribio for the suggestion.


*	Rewrote a few error msgs to be a bit more concise

*	Bug in how SA decides to run in fast-vs-verbose mode discovered by Jonas Thomsen - fixed.

*	Slovak locale translation added - thanks to Viktor Daniel

*	Documentation changes

*	Bug in how archiving was disabled in the configuration script fixed. Thanks to Alex Pleiner

*	Renamed references to clamuko to clamdscan - clamuko is an inline virus scanner for filesystems!

*	changed default max-space that clamscan can use to 100M

*	added X-Spam-Level header. This header adds "+" chars - one for each point scored up to a max of 100. 
	This is to allow less sophisticated mail filters (i.e. Outlook Rules Wizard ;-) to do more intelligent 
	things such as "delete mail that has "X-Spam-Level: ++++++++++" - i.e. delete spam with a score over 10.
	Note that SA itself defaults to using a "*" char instead of "+", but that's a wildcard character, so I
	think we'd be better off with "+" [which is a regex char - but if you're the type of person using a filter
	that parses regex, then you're the type of person who'd know how to escape it too ;-)]

1.20	5/Nov/2003

*	The IP address of the SMTP client is now added to the RC field in the Q-S logs. I have conceded 
	the arguement to Jesse Guardiani after having to track a virus that came in via a dialup user. 
	The information is there in the other Qmail logs - but it does take a while to figure out, so now
	it's part of the Q-S logs. (e.g. "RC:0(1.2.3.4):" shows the SMTP client was 1.2.3.4 and that they are 
	*not* a RELAYCLIENT address).

*	tidied up the fsecure and fprot subroutines

*	Nicolas Croiset pointed out the contrib/sub-avpdaemon.pl didn't have support
	for the new TMPDIR area. Fixed

*	qs2mrtg.pl (and .cfg) added to contrib directory. This script reads syslog-only formatted
	Q-S log records and converts them into MRTG graphs mail throughput,viruses and 
	spam stats. Run it as a cronjob like:

	*/5 * * * *     /usr/bin/qs2mrtg.pl && /usr/bin/mrtg /var/www/html/mrtg/mrtg-qmail-scanner.cfg > /dev/null 2>&1

1.20rc4	7/Oct/2003

*	Put back references to Vpopmail breaking Qmail-Scanner in the FAQ. There are 
	just too many people having problems with Vpopmail for me to ignore.

*	Have had enough of dealing with problems with find on different OSes. From
	now on all temp dirs (where email unpacking occurs) now occurs under 
	/var/spool/qmailscan/tmp. That way find can just run over that dir and 
	can deal with dirs as well as files...

*	Improved Fsecure version details to include the sub-engines it uses - gah!

*	Made recreation of versioning information more resilient. Thanks to
	Mark Simon Powell

*	Just a note that there has been a change in the logging format. Actually there hasn't
	- it's just that apparently no-one can read my mind to realise it follows a format :-)
	Basically the "Clear:RC:0:SA:1(11.5/5.0):" part of the logging follows the following format:

	"Name" : "Value" 

	...and are separated from each other by a colon ":" - sorta "colon separated values" :-)

	Hence above translates to "not quarantined", "SMTP client wasn't a relayclient", "was spam".

	The exception is "Clear" - which is always bunged onto the front of any message that was
	*NOT* quarantined - it probably should be "Clear:1" or something silly like that - but I
	just like to save the extra two chars ;-)

*	bug found in re-org of AV ordering fixed.

*	fixed bug in SA lowercasing of email addresses when passed to spamc.

*	bug in new setuid perl checks stopping people from running the
	C-wrapper version. Added new configure option: "--skip-setuid-test"

1.20rc3 2/Sep/2003

*	Major change: Qmail-Scanner now runs under it's own separate account
	to give better priviledge separation. Defaults to "qscand". Make sure 
	you check that any daemonized versions of virus scanners run as the
	same account - otherwise they won't be able to scan within the 
	/var/spool/qmailscan directory. Upgrade from previous releases by:

	disable SMTP (e.g. svc-stop /service/smtpd)
	chown -R qscand:qscand /var/spool/qmailscan
	edit (to make run as qscand) and restart any daemonized AVs
	run ./configure ..... --install
	re-enable SMTP (e.g. svc-start /service/smtpd)

	Note: this is only needed for upgrading from releases running under 
	"qmailq". New site installs and future releases will be fine again

*	Updated FAQ to mention Redhat9 issues with Qmail, and more information
	on how daemonized versions of AV programs should be run WRT Q-S

*	made perlscanner run AFTER antivirus scanners. That way if an attachment contains
	a virus, it will be flagged as such, instead of relying on the generic attachment-blocking 
	(i.e. Policy) to catch it.

*	Changed SpamAssassin module to work with upcoming 2.60. Thanks to Doug Monroe

*	Bug in the order that clamscan was found on your system stopped it from being run first 
	like I claimed in RC1! Fixed

*	Buglet in SA lowercasing of email addresses when passed to spamc.


1.20rc2 20/Aug/2003

*	Bug in text/plain checking found. Pretty major really. I had checks to see if 
	an attachment was found in the e-mail, but didn't check to see if 
	@attachment_list actually had anything when the decision was made. Thanks to Alex
	Shipp for finding that.

1.20rc1	15/Aug/2003

*	Changed defaults so that clamav scanners are listed as the first
	scanners. This means if you have clam + some commercial AV scanning 
	all your emails, you'll be able to tell from the logs just how 
	often the commercial AV is actually catching anything... It'd be
	great to see clamav catching everything :-)

*	SpamAssassin now puts "?" chars in instead of "0" when it fails
	to get an answer from spamd: this is typically due to the msg being
	too big or spamd being down. It used to be that way, but someone didn't
	like it and I changed it to "0". Now of course that was a bad decision as 
	that actually implies the email wasn't spam - not that an error occured.

*	FIX: the tempfail function has been renamed error_condition and now
	allows Qmail-Scanner to return permanent errors along with it's 
	current temp failures. This will allow filters such a qfilter to
	be used with Qmail-Scanner.

*	Rav AV updated as they've changed the format again. This may break
	older releases of ravlin8 - but you don't need to run those now do
	you :-)

*	BIG CHANGE: "--unzip" disabled by default now. This means Q-S now
	relies on the AV systems to unzip the files, and also means that
	if you block (say) .EXE files, they can now get in via putting them
	within a ZIP file. If you want the old behaviour, use "--unzip yes" 
	again.

*	Maciej Budzyski has provided new Polish translations.

*	Removed references to broken installs of VPopmail causing problems.
	Apparently there has never been a problem with VPopmail - only 
	mis-installation by some people (hey, don't shoot me - I'm only the
	messenger!).

*	Better logging detail - so you can tell what is quarantining what.
	
*	Logging now includes whether or not the email was from a RELAYCLIENT 
	SMTP client ("RC" == 1 or 0). Useful for seeing if any of your users 
	(i.e. RC(1)) are sending *out* viruses... (i.e. good to trigger alerts off)

*	Update FSecure module to handle newer versions

*	Updated configure to check setuid'ness better. Still not perfect...

*	Buglet in message/partial definition in quarantine-attachments.txt 
	fixed

*	Buglet in how qmail-queue was found on systems with non-standard
	Qmail installs fixed. Thanks to Adrian Offerman

*	Made a jump to 1.20 to demonstrate the added functionality.

*	Changed some variable names to better reflect their function.

*	Added "--batch" option to ease scripting - it stops configure asking for
	input. Thanks to Douglas Schilling Landgraf

*	This release candidate has added some simple MIME parsing that captures
	quite a few viruses/trojans. Since it may also catch some valid mail in an 
	unusual layout, it is not enabled by default. To test (and *please* do!!!),
	you need to set "--fix-mime 2". Please notify the list as to any problems,
	as the intention is to make these checks part of the standard configuration
	by 1.20 release...

*	Dutch language support added by Martin Roest

*	A hack added to try to make the syslog call work on broken Solaris perl 
	installs.

*	configure now uses "strings -a" so that it'll work on AIX. Should
	still work on other OSes...

* 	Q-S now skips virus-scanning messages that are either text/plain 
	or non-MIME/uuencoded. This will speed things up a tad. Note that if 
	configured for SpamAssassin, that will still be run - just the virus scanners 
	are skipped. Again, due to the potential of missing messages that should have
	been treated as having attachments, you need to have used "--fix-mime 2" to
	enable.

*	Fixed bug with the "-z" option not leaving the archives maildir
	tree alone. It was deleting old messages lying around in there...

*	Made QS better at detecting old Sun "enriched" mail so that the 
	new MIME detection code doesn't mis-label it.

*	SpamAssassin now sets the spamc "username" field to the recipient address.
	This only happens if there is ONE recipient. If a spammer sends a spam to
	20 local users in one SMTP session, then no user-specific SA rules will 
	apply, but all the general SA rules still do of course. Note: As spamc
	must be passed the recipient address on the commandline, Q-S has to strip
	back the e-mail address to shell-friendly chars - this should be fine for
	99.9% of your e-mail addresses, but may mean that the more odd addresses won't 
	be able to access their user-specific SA options. The address is also lowercased
	before being passed to spamc. Note that all this has no effect on the recipient 
	address of the e-mail - just the address used for "spamc -u ..."

*	Made errors in reformime appear to debug file.

*	Fixed BUG in SpamAssassin subroutine where the wrong SA score could be found. 
	Thanks to Dallas Engelken

*	Block messages with Windows executables that are *not* of MIME type application/*
	Never seen in the wild unless they are viruses. This may block some bogus mail
	that is otherwise valid, so you can only get this by setting "--fix-mime 2"
	when configuring.

*	Explicitly block double-barrelled filenames which end in known Windows "executable"
	stype extensions - such as "file.doc.pif". Again, only
	seen assosiated with viruses. This may block some bogus mail
	that is otherwise valid, so you must set "--fix-mime 2" when configuring to enable.

*	Block messages with attachment filenames over 256 chars in size. There are buffer 
	overflows in... (go on - guess!)... Outlook that exploit this issue. As most file
	systems don't support filenames over 256 chars anyway (e.g. NTFS and ext2), this 
	shouldn't inconvenience anyone.

*	Added support for the Central Command Vexira virus scanner

*	NOTE: format of "--archive" option has been changed!!! All archiving goes to a 
	maildir called "archive" now - whereas it used to allow you to change that dir
	name.

	Archiving now supports archiving only mail to or from a regex (as well as 
	archiving everything). e.g.

	./configure --archive "jason|harry"

	would make Qmail-Scanner only archive mail where the sender or recipient
	contained the string "jason" or "harry". NOTE: this is only matching on the
	envelope headers ("mail from", "rcpt to") - not arbitrary headers or body 
	content.


1.16	3/Feb/2003

*	Changes some occurances of rename to link due to recent
	discussions on how OpenBSD handles PIDs...

*	Buglet in detection code in configure fixed. Thanks to Ted Behling

*	Added SoBig to the list of viruses that shouldn't generate an alert
	to the sender.

*	Altered error messages when virus scanners crash to more pointedly
	suggest that people should check their memory sizing... Thanks
	to Rick Romero for the suggestion

*	Now checks for comments within mail header names. Some viruses
	are shoving comments in them to make AV systems miss them...

*	Documented problem with vpopmail not reading the tcpserver SMTP
	rules correctly.

*	Updated RAV support. Newer versions now exit status 1 when no
	virus found - go figure!

*	Put more sanity checks in the SA return values. Looks like people
	are running all sorts of broken SA installs out there...

1.15	30/Oct/2002

*	Silent viruses configure option changed to default to "auto". 
	Older version didn't have this, which means that those relying
	on looking at the previous install of Q-S to tell them what the
	configuration options were should re-run ./configure without 
	the "--silent-viruses" option to reset their config correctly.

*	Cleaned up configure a bit.

*	made test_installation.sh to send spam message to test SpamAssassin
	if it's installed. Thanks to Michel Bouissou for these ideas

*	Support for perl 5.8.0! A one-char alteration made it all work 
	again. Thanks to Emerson Wu

*	Added bugbear/tanatos to the exclude list along with klez.

*	Workaround for SpamAssassin bug where it doesn't report a spammy 
	message as spam when it marks it as such (i.e. SA 2.4X)

*	Added important new entry into quaratine-attachments.txt. Everyone
	should seriously consider adding this to their own copy as it will
	stop a potentially nasty future exploit. This does mean your site
	will basically block all "message/partial" MIME types from now on,
	but I've never seen anyone use them "in the wild" anyway, so it 
	should be low risk.

*	Updated HBDEV to handle newer versions

*	Changed AVP - Kaspersky regex to better match new engine. Thanks to 
	Thorsten Spaeth.

*	Comment in FAQ that sophie/trophie/other daemonized scanners should
	be run with larger than needed memory softlimits. Setting a
	higher limit reduces the likelyhood that (say) an
	automated pattern file update at 2am (that pushes up the memory
	requirements) suddenly make your Qmail-Scanner server
	start reporting out-of-memory errors! :-)

*	Strip illegal_chars out of headers when generating alert messages.
	
1.14    14/Aug/2002 

*	Bug found in 1.13 SpamAssassin code that allows you to change the
	Subject line. Fixed thanks to Chris Hine

*	Moved some of the alert text around so that the admin e-mail still
	contains a description of the quarantine event.

1.13	5-Jul-2002

*	Big change to logging. Now a message to 20 recipients creates 20
	log entries. This will dramatically improve the usefulness of the
	log entries (the size-limit issues of syslog almost disappear)
	
*	Added new tracking header X-Qmail-Scanner-Message-ID. This is 
	normally set to Message-ID - but is randomly generated if that
	header doesn't exist. It's used in the logging so as to provide
	an explicit linkage between different log entries from the same
	message. It is used internally, and is only added to actual messages 
	that don't have a Message-ID header.

*       Alerts now refer to the envelope "mail from" address instead of the
	address shown in the From: header. There are too many trojans
	out there screwing around with these things that it's just too
	confusing to try to be smart now.

*	New feature! Envelope headers ("mail from" and "rcpt to") and the
	IP address of the SMTP client (TCPREMOTEIP) are now 
	made available to the perlscanner module! You can now use
	Virus-MAILFROM,Virus-RCPTTO and Virus-TCPREMOTEIP to match on 
	those headers. Note that they are uppercased - to separate them 
	from standard mail headers - which are always lowercased.

*	Strip out line breaks from SCANINFO - apparently some virus scanners
	have CR in their version ids...

*	Changed all occurances of "Illegal" to "Disallowed". Illegal seems
	a bit harsh...

*	Quarantine alert messages now contain ALL headers.
	Will need to keep an eye on this when Q-S introduces
	body-scanning. You could get an infinite loop...

*	More examples added to quaratine-attachments.txt. Everyone should
	read it to see if there's anything they want, as if you are just 
	upgrading Q-S, your existing quarantine-attachments.txt file is 
	NOT touched.

*	ensure that regenerating the perlscanner DB fails if the TXT
	file is unreadable.

*	Fixed bug in perlscanner that stopped you having header matches that
	contained the same regex.

*	Changed sub-avp again (Kaspersky  AVPLinux scanner) - sheesh!
	
*	Information Leakage: some people have complained about how Q-S
	tells the sender and recips where the unpacked message was. Now
	the admin, sender and recips are sent separate messages, and only
	the admin address will receive such details. The rest will be told
	that their message contains a "XXX" virus - but no file path details.

*	Added new feature to limit the damage done by trojans that change
	the From address to be someone other than the person actually sending 
	the trojan. '--silent-viruses="klez,othernastyvirus"' would mean
	that *IF* a virus is detected, AND the string "klez" or 
	"othernastyvirus" appears in the virus description given by the 
	virus scanner, THEN the quarantine alert message is NOT sent to the
	supposed sender - as it won't actually have been them. This
	may help limit the confusion people are feeling these days
	with such anti-social (more anti-social?) viruses
	Thanks to Greg Wildman  for the implementation.

*	Added new feature to "fast_spamassassin". If you change this to
	"fast_spamassassin='*****SPAM*****'", then the faster SA setting
	is still used, but the string "*****SPAM*****" is prepended
	to the Subject: line. Apparently users find the other methods
	of finding the SA tags too difficult :-)
	Note: the format is actually "fast_spamassassin=<string>" - so you
	can have any single-word marker there that you want. Just make sure
	it looks obvious.

*	Fixed bug where logging reports quarantine message being sent to 
	recipients even when Q-S configured to not notify recips! (they 
	weren't actually sent anything - but it was reported they did...)

*	Changed documentation to reflect the fact that setting QMAILQUEUE
	within the tcpserver rules file is now the ONLY supported way of
	setting Qmail-Scanner. The other methods are too diverse to document
	correctly, so let's just stick to the one that works best.

*	Document that DB_File has disappeared from Perl 5.6.1

*	By default, SpamAssassin is only run on Email that comes from 
	"non-local" SMTP clients. That is decided on the lack of the
	RELAYCLIENT environment variable (see Qmail docs). If that doesn't 
	do what you want, you can also set 
	"QS_SPAMASSASSIN=on" in your tcpserver rules file to
	force SA to be run.

*	More explicit documentation that the SpamAssassin support DOES NOT
	QUARANTINE POTENTIAL SPAM!!!! There - I think that's pretty 
	explicit :-) SpamAssassin has always been designed to "tag" messages
	as being spam, and to make the USER (not the Sys Admin!) decide what to
	do with it.

*	Added support for CLAM AV. An Open Source (yup!) antivirus scanner that
	uses the Openantivirus.org ScannerDaemon pattern files.

*	Fixed buglet in ravlin detection

*	Updated kavscanner subroutine

*	Fixed bug in configure script's generating of the CMDLINE

*	Updated ./contrib/test_installation.sh to be a bit more descriptive

*	Documented quarantine philosphy. Apparently I just expected you all to
	work it out for yourselves...

*	Documented that SpamAssassin is only run on mail deemed not to be local
	via the standard Qmail RELAYCLIENT environment variable. i.e. if
	to SMTP client is classified as local, it won't be spam-scanned...

*	fixed buglet in how redundant_scanning handled zipped attachments. 
	Thanks to Brian Johnson.

1.12	6-May-2002

*	cut-n-paste bug in quarantine-attachments.txt that would break
	new installs of Qmail-Scanner. Duh! - did that last year too!

*	another bug in how the documentation says to run SpamAssassin. 

*	Added "-eec" to sweep to gain access to the "extended error codes".

*	Documented some SpamAssassin issues.

1.11	26-Mar-2002

*	Must be using maildrop-1.3.8 or later due to bug in previous
	releases.

*	Added sub-sender-cache.pl to contrib. This was work done for
	element5.de - who wanted the ability to restrict Q-S to only
	send a limited number of alerts regarding quarantine events 
	per sender. Using this option makes Q-S create a separate 
	DB file where it tracks how many times an alert is sent to
	an Email address. It also saves the timestamp so that you can
	configure it to do things like "only send 5 alerts within a 
	7 day period to any individual Email address". The main use of
	this would be to limit the amount of "spamming" the AV admin
	receives when an individual infected PC is busily spamming
	everyone in its addressbook 1000 times over...

*       By default the OS "unzip" program doesn't support "shrink" 
	as a compression algorithm - and exits 81 - which means this sort
	of message would never get through Q-S. That shouldn't happen as
	there's nothing Q-S can do to fix that. So I have checked the unzip
	error codes, and now let some "broken" unzips be treated as OK - as
	there's nothing else Q-S can do to correct them... This will mean
	some zip files with viruses will get through Qmail-Scanner, so of 
	course you will be then relying on your antivirus product to catch 
	such things...

*	Added NULL char to my (small) list of chars to treat
	as hostile. I wonder if I should reverse this and block
	everything that is not an acceptable char instead....

*	Whoops! I see my references to "lone LF" is incorrect: "\r"
	is a CR not a LF! Duh! :-) Oh well, just a documentation typo.

*	SpamAssassin v2 is supported. New feature in v2 allows
	Qmail-Scanner to *halve* the amount of traffic generated doing a
	SpamAssassin check! If you want to use the old-style support
	(which recreates the entire message with  the SpamAssassin headers 
	added), then ./configure with "verbose_spamassassin" as the
	scanner name instead of "fast_spamassassin". Note: I don't like the 
	"verbose_spamassasin" method - so *please* try to move to the new 
	method, as there's going to be more of that in the future with 
	Body content-scanning/etc. If your users want to auto-move
	Emails in their mailer marked as Spam under the new method,
	you can match on:

	"Received: .* with qmail-scanner.*Clear:SA:1"

	or...

	"X-Spam-Status: Yes,"

*	Allow the "Clear" message to now include "scoring" so that scanners
	such as SpamAssassin can still report what they found, even if a
	quarantine event didn't occur.

*	It is now a requirement to have Sys::Syslog as all errrors are
	reported by syslog. It makes sense.

*	masses of changes in configure to actually check that programs
	and scanners called by Q-S actually work correctly before being
	used. Should cut down on run-time errors, but cause a flood of 
	people saying "why does Q-S claim scanner XXX doesn't work on my
	system?" :-) I just can't win ;-)


1.10	22-Jan-2002

*	Jumped from 1.03 to 1.10 to reflect internal changes

*	Phase out referring to ulimit. That utils is OS-dependent and
	doesn't work consistently well. Everyone should use softlimit from
	daemontools instead.

*	Added calling UID to Received header - and to debug logs.

*	Renamed logging reference of "perlscanner" to "qmail-scanner". Why
	on earth did I ever do it that way in the first place?!?!? 

*	Added support for Command's AV scanner. Thanks to John Lombardo
	for doing the port.

*	Added support for SpamAssassin.

*	Changes to logging: Logging used to have a boolean to describe
	whether a message was quarantined or not.
	This has been changed to now be either "Clear" or the scanner 
	responsible for that quarantine event plus the 
	first 10 chars of the name of the quarantine event (e.g. "Clear:0").
	This should mean you can now use either your syslog logs or the
	mailstats.cvs log to produce stats on ALL mail through your server
	as well as virus penetration events, etc (i.e. the quarantine.log
	file is now redundant). 

*	ALSO CHANGED THE ORDERING!!! This was to ensure details that were 
	under user-control didn't cause details such as message size to be
	cut off when logging via syslog. 

*	Removed recording Date: header in logs - they're all timestamped 
	anyway, so it's almost redundant.

*	"./configure --scanners sweep,vscan", etc now supported. Default
	is like old system: "./configure --scanners auto" - which auto
	detects what supported scanners are installed on your system.
	This can now be overridden so that you can have 5 different
	scanners installed on your system, and yet only have Qmail-Scanner
	use one of them if you like.

*	Added support for SpamAssassin! If you have a working installation
	of the SpamAssassin spamd installed, then Q-S will configure itself
	to pipe every message received through and resend the message
	as altered by SpamAssassin. This could seriously annoy your users
	as this is a site-wide installation of SpamAssassin - unlike it's
	normal per-user install. See FAQ for details.

*	Now will use syslog to report any temp errors directly if 
	"--log-details syslog" set. This is so that such errors end
	up somewhere more noticable than the standard Qmail multilog
	area (which no-one monitors!)

*	Added support for Trophie - a GPLed daemonized version of Trends 
	vscan. Please read the FAQ on how to install it so that it will
	correctly run with Q-S. Ensure you are comfortable with trophie
	before using it within Q-S. NO QUESTIONS ON Q-S MAILING-LISTS
	PLEASE!!!

*	Extra comments about Sophie/Trophie added. 

* 	"--fix-mime" option will now block as viral any message containing
	LF chars in the headers. This will stop Badtrans and the like. Only
	a very broken mailer should otherwise get hit by this.
	*Please* tell me if any non-bad mail is caught by this!!!

*	Removed kill check for dead qmail-smtpd processes (the "Whoa!" error).
	 There are some weird issues with it on some systems, and it isn't 
	needed anyway. If qmail-smtpd dies, the parent PID of Q-S becomes 
	"1" - so just check for that instead! This means the "--smtpd-check"
	option has been removed!!!

*	Minor wording changes

*	Minor issue with archive mode corrected

*	Sanity check added to ./configure to help ensure up-to-date
	version of tnef is installed if it is installed at all.

1.03	4-Dec-2001

*	Whoops! Forgot my tabs in the quarantine-attachments.txt file
	(darn X-Windows cut-n-paste!)

*	New sub-svpdaemon.pl added to contrib directory. AVPdaemon is
	officially not supported by Q-S due to the company involved
	being unable to stick to a standard format...

1.02	3-Dec-2001

*	Added "--smtpd-check" so that people can  disable the 
	qmail_smtpd_check subroutine that has been causing problems
	for *some* sites (the "Whoa!" errors). Defaults to "yes" 
	- change to "no" to disable it. MAKE SURE YOU KNOW IT'S A
	PROBLEM BEFORE DISABLING THIS AS OTHERWISE YOU WILL GET
	DOUBLE-DELIVERY OF SOME MAIL DURING SOME ERROR CONDITIONS!!!

*	Changed required maildrop release to 1.3.6 as there's a buglet
	in previous reformime releases WRT how they handle broken
	MIME messages.

*	Added LANG support for Czech. Thanks to Pavel Lisy

*	Added "--fix-mime" option. This will allow Q-S to attempt to
	"fix" broken MIME mail messages before passing the message
	to reformime for initial processing. Disabled by default, it 
	should be safe to turn on, and if it is, will allow Q-S to 
	trap some viruses which might have bypassed the system due to 
	their "broken" nature. This feature will probably grow in the
	future...

*	Added LANG support for Afrikaans. Thanks to Schalk Cronje

*	Added support for Sophie - a GPLed daemonized version of Sophos 
	sweep. Please read the FAQ on how to install it so that it will
	correctly run with Q-S. Ensure you are comfortable with sophie
	before using it within Q-S. NO QUESTIONS ON Q-S MAILING-LISTS
	PLEASE!!!

*       Re-positioned the alarm statement

*	Added support for F-Prot (thanks to "Charlie") - see 
	http://www.theboenings.com/qmail-scanner/ 

*	Added comments to contrib/qmail-scanner-queue.c to help those
	who need to use it

*	Added LANG support for Portuguese. Thanks to Ricardo Oliveira

1.01	6-Sep-2001

*	Privacy issue. the "--add-dscr-hdrs yes" option now doesn't include 
	the "rcpt to" information for privacy reasons. If you must have that,
	configure as "--add-dscr-hdrs all" instead.

*	The infamous "Whoa!" bug should have been nailed dead. The problem
	was with running a smtp daemon check on messages injected by 
	qmail-inject - pretty stupid really...

*	Added LANG support for Polish. Thanks to Maciej Gruszczyski

*	Added LANG support for Swedish. Thanks to Thomas Berghemm


1.00	18-Aug-2001

*	Due to the tonnes of problems people are reporting with AVPDaemon,
	I am moving it back into the contrib directory. Please Email Kaspersky 
	about problems you have with AVP. If you can't get it working by itself, 
	there's no way it'll "magically" work under Qmail-Scanner.

*	documentation changes

*	Added LANG support for French. Thanks to Cedric Fontaine!

*	Added LANG support for Traditional Chinese. Thanks to tbsky!

1.00rc1	29-Jun-2001

*	Jumped to Release Candidate for 1.00! I've gone through
	and rewritten Qmail-Scanner in strict mode to make it
	happier with the newer perl-5.6 installs, tested on RH 7.1

*	For security reasons, all new releases of Qmail-Scanner should come
	with a GnuPG signature signed by myself:
	(Jason L. Haar <jhaar@users.sourceforge.net>)
	KEYID: 0xFE1D66D1
	Find my public key via key servers or from the Qmail-Scanner homepage

*	I've removed the ability of Q-S reporting all the attachment 
	filenames. It used to report even the filenames of files extracted
	from attachments. As someone could easily send an Email with a zip
	file with 1,000's of files within, this obviously just becomes
	stupid. So now it will only report on the actual original 
	Email attachments. Of course perlscanner and any anti-virus
	scanners still get to scan everything!

*       Many cosmetic changes. Removed almost all references to "virus"
        and introduced "quarantine" instead, as that better illustrates
        how Qmail-Scanner is more than just an Anti-Virus package

*       Better handling of multi-line headers

0.97 	<unreleased>

*	Added more sanity checks for insane conditions. Q-S will now
	exit with a temp error if it finds itself running the scanner
	loop for more than 20 minutes. That will catch broken virus
	scanners that are spinning around on wierd messages. It will
	also check that the qmail-smtpd process that spawned it is
	still operating before it reinjects into qmail-queue. Previously 
	it would end up double-delivering under such conditions.

*	Alerts to the "AV" admin can now be stopped if the offending
	Email is from a mailing-list. Use "--notify nmladm" instead of
	"--notify admin" to activate.

*	Alerts to recipients are now limited to only local users. See
	"--local-domains" configure option. Set to "." for backwards
	compatibility. Be warned you could end up spamming mailing-lists
	with alerts if you do that (there's no way Q-S can detect a 
	recipient address is a mailing-list - only senders).

* 	Bug fix with newer unzip programs. Well, more of a 
	"change in interpretation" :-).

*	Changed quite a few debug statements - hopefully they're more
	self-explanatory now.

*	Try to workaround problem with password-protected zip files, without
	losing information about the files. NOTE: password-protected files
	show up in the logs, but aren't checked against the perlscanner 
	database. This is a *FEATURE* - not a bug.

*	Martin Lesser has helped add support for AVPDaemon. You must have a 
	working install of it before Qmail-Scanner will even have a hope
	of working with it...

*	Allow $headers array to do multi-line matching on To: and Cc:
	headers.

*	Updated error messages for scanners. 

*	Added LANG support for Lithuanian. Thanks to Aidas Kasparas!

*	Added LANG support for Turkish. Thanks to Deniz Akkus Kanca!

*	Sophos SWEEP now called with "-f -sc" options. Too bad if it slows
	it down. It's needed to catch HTML viruses like KAKworm, and to 
	scan inside dynamically compressed files.
	
0.96 	26-Feb-2001

*	Documentation changes

*	BUG Fix. Fixed variable bug that could screw up extension matching
	in some circumstances.

0.95	24-Jan-2001

*	Fixed buglet where uuencoded file attachments weren't correctly
	check against internal perlscanner database.

*	Added support for other OSes uudecode. Should work on more 
	systems now.

*	Added test_installation.sh to the contrib directory. This wee 
	script will send two Email messages to "root" contain different
	variants of the EICAR test virus. The first will be picked by
	perlscanner, and the second by any commercial anti-virus package
	installed on your system. Simply running this after an Q-S 
	install should prove that Q-S is installed correctly. 

*	Altered some of the headers produced to make Q-S even more 
	"postmaster-like".

*	Added LANG support for Spanish. Thanks to Francisco J. Montilla!

*	Fixed some documentation errors

*	Changed some of the environment variables used

*	Made the generated Received: header RFC compliant

*	New option ("--log-details") generate log entries of mail 
        message details (frm/to/subject/attachments). Works well, 
	but running in the syslog mode involves two extra exec 
	calls - not for overloaded systems... Where possible, stick
	to the default logging to file mode. 

*	The Qmail RPMs referenced on www.qmail.org have a charming
	"feature" that breaks qmail-inject. Work-around put in place

*	Yet another sanity check for uuencoded attachments with
	stupidly long filename extensions.

0.94	10-Nov-2000

*	Fixes for new version of Sophos. They've changed it's format
	which breaks under older releases of Qmail-Scanner

*	more setuid changes to help reduce installation problems

*	error condition check altered for MacAfee

* 	Bug found in uudecoding section! Like old versions of reformime
	it wasn't checking for majorly long filenames and compensating,
	- now it does.

0.93	9-Oct-2000

*	Allow sites to attempt to run Qmail-Scanner even if they 
	don't have suidperl installed. Apparently there are some
	systems out there that support this - so who am I to stop
	them! :-)

*	Added support for InocuLAN - thanks to Michael Lahr!

*	Added LANG support for German - thanks to Michael Lahr!

*	Documented the perlscanner module. Can't believe I didn't
	notice that before!

*	Sigh - more documentation updates to fix.

*	Altered configure to be more Unix-independent.

*	Altered HBEDV subroutine

*	Have inserted sanity check for auto-generated filenames.
	This check will STOP perlscanner from looking at their
	extensions as the filenames are autogenerated and should
	never match anyway.

0.92	23-Aug-2000

*	Cosmetic documentation changes - that's the trouble with 
	renaming a package...

*	Altered qmail-scanner-queue.pl to detect whether or not an 
	attachment filename was generated by reformime. Such files 
	should never be matched by the perlscanner module as their
	filenames are randomly generated

0.91	22-Aug-2000

*	Spelling mistake - gah! quaranteen instead of quarantine...

*	Added support for Italian! Thanks to  Luca Gibelli

*	Support for non /var/qmail installed Qmail systems (like Debian).
	./configure will now work out where qmail is installed. Thanks 
	to Werner Fleck.

0.90	10-Aug-2000

*	NAME CHANGE. Scan4Virus is no more - now Qmail-Scanner. This name 
	better reflects the functionality of the product.

*	Added support for tnef. This wonderous utility allows us to unpack
	M$ TNEF attachments back into their "true" form before we run
	the scanners over them. Pick up heaps more viruses than you used
	to this way!

*	Added (poorly) documented calls to MacAfee's uvscan that allows it
	to unpack zip files and better macro-virus support.

0.53	30-Jun-2000

*	Removed support for metamail due to metamail not been able to handle 
	some types of MIME attachments.

*	Added support for F-Secure's fsav virus scanner. Thanks to Ian Scott 
	for that.

*	Updated documentation on altering the perms on suidperl.

0.52	7-Jun-2000

*	missing command-line option to Trend scanner - makes a BIG difference!
	Looks like there's some differences in the way Trend's vscan exits
	depending on engine version - grrrrrr! Have had to remove exit status
	check....

*	problem noticed by Kevin A. Hall regarding how the DB calls operate.
	Extra brackets fixed that!

0.51	23-May-2000

*	cosmetic changes

*	humungous mistake with metamail (again! - I really need separate 
	systems to test this on!), hopefully fixed for sure this time.

0.50	12-May-2000

*	Bit of a jump in versioning as I've added a major new feature in that 
	the internal scanner now supports scanning Email headers!

*	BUG FIX: METAMAIL_TMPDIR not defined - needed to make metamail
	save into the correct directory.

*	BUG FIX: If $descriptive_headers was defined, the extra headers
	weren't added to "clean" Email.

*	"antivirus-qmail-queue.pl -v" returns information regarding your
	system and scanning environment. Please include that output in any
	bug reports you make!

*	Support for uudecoding! If your uudecode program is deemed "safe",
	any uuencoded attachments will be decoded before the scanner runs.

*	Explicitly mention that QMAILQUEUE needs to be set in /etc/profile
	or the like if you want local shell users to have their mail scanned.
	[although as they are inherently not Windows users, you may want to
	save your system the effort and explicitly NOT do that! :-)]

*	Set TMP and TMPDIR env vars to "help" virus scanners write their
	temp files into a protected area - don't want to worry about
	race conditions now do we!

*	The "Love Letter" virus got me thinking. We really need to match
	on headers too. Here we knew the subject line of that virus
	was "ILOVEYOU" hours before we knew what the attachment
	filename was - let alone had any "official" antivirus
	update. The perlscanner can now match on any Email header as
	well as attachment filename. See quarantine-attachments.txt for
	details.

*	BUG FIX: Bug in the way that the perlscan module handles wildcard
	attachments. 

*	New feature. perlscan now runs exactly as other scanner modules do. 
	Zip files are unpacked before being scanned - but it can still match
	on zip files!

*	Initial support for avp. Untested by me - but should be fine. Thanks
	to Tulipant Gergely.

*	Redundant scanning. If $redundant_scanning is enabled, the scanners
	will scan original zip files and the original "raw" Email msg. Adds 
	extra load, but allows specific virus scanners that supports such
	advanced features to operate closer to their potential.

0.19	13-Mar-2000

*	BUG FIX: qmail-smtpd can reject mail and so drops its connection
	to $QMAILQUEUE. Now check that envelope addresses exist before 
	carrying on - gets rid of "Unable to queue message (28416)" errors.

*	Tighter umask.

*       Added archive support. If $archiveit=1, processed mail is
        archived into maildir /var/spool/qmailqueue/archive instead of 
	being deleted. BE VERY CAREFUL YOU DON'T RUN OUT OF DISKSPACE!
	
*	Added support for H+BEDV's antivir scanner. Details supplied by
	Johan Almqvist of luna.lu.se.

*	Changed a few variable names, and a small mis-calling of the macro 
	checking under MacAfee's uvscanner.

0.18	24-Feb-2000

*	Nasty bug in that I didn't have an explicit path to the find command
	- which screwed things up no end.

0.17	21-Feb-2000

*	Wildcard support for perlscanner! e.g. can now exclude 
        all *.MP3 files from entering your site :-)

* 	Removed mention of explicit "find" cronjob to scan
        /var/spool/qmailqueue for files. Network
	outages (as well as killing local qmail processes!) can lead
	to files lying around under that tree. So 
	"antivirus-qmail-queue.pl -z" now deletes any files older than
	30 hours it finds there (excluding the "viruses/" tree) instead
	of just the "tmp/" ones. That should be called daily by cron instead

*	Minor wording changes.
	
*	Documented existance of mailing-list (duh!)

0.16	31-Jan-2000

* 	Possible security hole found! Due to my historic use of
	qmail-inject, I'd overlooked one nasty command-line
	call... Fixed now - no longer any SMTP-generated data allowed
	on the command-line...

0.15	25-Jan-2000

*	Few documentation changes I forgot for 0.14.

0.14	24-Jan-2000

*	MAJOR IMPROVEMENT. Now uses qmail-queue directly - no longer
	needs to invoke qmail-inject. Thanks to Russ Allbery's 
	Qmail-Majordomo perl script for inspiration :-) 

*	New built-in scanner! perlscan_scanner scans a DB file containing 
	attachment filenames and sizes - a match means virus. This can be very
	useful when a new virus is discovered, details (including
	filenames and sizes) are released, and the antivirus vendors
	say it will be days/weeks before an official fix is released -
	this can tide you over...

*	Initial support for metamail for those who don't want to use 
	reformime. I'd recommend reformime as it is more actively
	supported, is smaller and doesn't have the feature-set that 
	metamail does - which should mean it's inherently more secure
	(no real evidence for that tho!). Anyway, look at $mimeunpacker
	if you would prefer to use metamail.

*	Support for Sophos's sweep virus scanner.

*	Removed X-Scan4Virus: headers. They were just a repeat of what was
	in the Received: header anyway, and if an Email went through two
	scan4virus servers, they'd be overwritten anyway. Save some writes 
	and speed things up a bit :-)	

*	Increased example ulimit for data segment size as I found that 
	some virus scanners need more memory than others. 

*	Moved several files back into default spool dir - keep the package
	all in one place.

*	Assorted little cleanups

0.13 	15-Dec-1999

*	Added Received: header that contains the scan4virus information
	regarding version numbers of scanners and pattern-files - that
	way if a message goes through several sites running scan4virus,
	all of their reports will show up in the headers.

*	Created a virus log function whereby every Email received with a virus
	is logged - so that reports can be generated (tab-delimited).



